From: Pavel Tatashin
To: steven.sistare@oracle.com, daniel.m.jordan@oracle.com,
    linux-kernel@vger.kernel.org, Alexander.Levin@microsoft.com,
    dan.j.williams@intel.com, sathyanarayanan.kuppuswamy@intel.com,
    pankaj.laxminarayan.bharadiya@intel.com, akuster@mvista.com,
    cminyard@mvista.com, pasha.tatashin@oracle.com,
    gregkh@linuxfoundation.org, stable@vger.kernel.org
Subject: [PATCH 4.1 52/65] x86/kaiser: Check boottime cmdline params
Date: Mon, 5 Mar 2018 19:25:25 -0500
Message-Id: <20180306002538.1761-53-pasha.tatashin@oracle.com>
In-Reply-To: <20180306002538.1761-1-pasha.tatashin@oracle.com>
References: <20180306002538.1761-1-pasha.tatashin@oracle.com>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Borislav Petkov

AMD (and possibly other vendors) are not affected by the leak KAISER is
protecting against. Keep the "nopti" for traditional reasons and add
pti= like upstream.

Signed-off-by: Borislav Petkov
Signed-off-by: Greg Kroah-Hartman (cherry picked from commit e405a064bd7d6eca88935342ddb71057a9d6ceab) Signed-off-by: Pavel Tatashin --- Documentation/kernel-parameters.txt | 6 ++++ arch/x86/mm/kaiser.c | 59 ++++++++++++++++++++++++++----------- 2 files changed, 47 insertions(+), 18 deletions(-) diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt index c1f3dbed0021..f6c046f03905 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt @@ -2972,6 +2972,12 @@ bytes respectively. Such letter suffixes can also be entirely omitted. pt. [PARIDE] See Documentation/blockdev/paride.txt. + pti= [X86_64] + Control KAISER user/kernel address space isolation: + on - enable + off - disable + auto - default setting + pty.legacy_count= [KNL] Number of legacy pty's. Overwrites compiled-in default number. diff --git a/arch/x86/mm/kaiser.c b/arch/x86/mm/kaiser.c index a724496a5852..88b4526d57a5 100644 --- a/arch/x86/mm/kaiser.c +++ b/arch/x86/mm/kaiser.c @@ -16,6 +16,7 @@ #include #include #include +#include int kaiser_enabled __read_mostly = 1; EXPORT_SYMBOL(kaiser_enabled); /* for inlined TLB flush functions */ 
@@ -264,6 +265,43 @@ static void __init kaiser_init_all_pgds(void) WARN_ON(__ret); \ } while (0) +void __init kaiser_check_boottime_disable(void) +{ + bool enable = true; + char arg[5]; + int ret; + + ret = cmdline_find_option(boot_command_line, "pti", arg, sizeof(arg)); + if (ret > 0) { + if (!strncmp(arg, "on", 2)) + goto enable; + + if (!strncmp(arg, "off", 3)) + goto disable; + + if (!strncmp(arg, "auto", 4)) + goto skip; + } + + if (cmdline_find_option_bool(boot_command_line, "nopti")) + goto disable; + +skip: + if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD) + goto disable; + +enable: + if (enable) + setup_force_cpu_cap(X86_FEATURE_KAISER); + + return; + +disable: + pr_info("Kernel/User page tables isolation: disabled\n"); + kaiser_enabled = 0; + setup_clear_cpu_cap(X86_FEATURE_KAISER); +} + /* * If anything in here fails, we will likely die on one of the * first kernel->user transitions and init will die. But, we @@ -275,12 +313,10 @@ void __init kaiser_init(void) { int cpu; - if (!kaiser_enabled) { - setup_clear_cpu_cap(X86_FEATURE_KAISER); - return; - } + kaiser_check_boottime_disable(); - setup_force_cpu_cap(X86_FEATURE_KAISER); + if (!kaiser_enabled) + return; kaiser_init_all_pgds(); @@ -424,16 +460,3 @@ void kaiser_flush_tlb_on_return_to_user(void) X86_CR3_PCID_USER_FLUSH | KAISER_SHADOW_PGD_OFFSET); } EXPORT_SYMBOL(kaiser_flush_tlb_on_return_to_user); - -static int __init x86_nokaiser_setup(char *s) -{ - /* nopti doesn't accept parameters */ - if (s) - return -EINVAL; - - kaiser_enabled = 0; - pr_info("Kernel/User page tables isolation: disabled\n"); - - return 0; -} -early_param("nopti", x86_nokaiser_setup); -- 2.16.2
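Review bot: In the Documentation/kernel-parameters.txt hunk, the "auto - default setting" entry does not say what auto decides; going by kaiser_check_boottime_disable(), it means isolation is enabled unless boot_cpu_data.x86_vendor is X86_VENDOR_AMD. Please state that in the entry, and also document that "nopti" is still accepted and that an explicit pti=on or pti=auto is evaluated before it, so "pti=on nopti" leaves isolation enabled.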
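Review bot: In kaiser_check_boottime_disable(), the strncmp() calls compare only the first 2, 3 or 4 bytes of arg, so any value that merely begins with "on", "off" or "auto" is accepted (for example "pti=offx" disables isolation), and an unrecognised value falls through silently to the nopti and vendor checks. Since cmdline_find_option() returns the length of the option value, test it as well, e.g. `if (ret == 3 && !strncmp(arg, "off", 3))`, and warn on an unknown value. Separately, `enable` is initialised to true and never assigned, so `if (enable)` under the enable: label is always taken; drop the variable or add the case that clears it.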
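Review bot: In kaiser_init(), the command line is now evaluated by kaiser_check_boottime_disable() at the top of the function, whereas the removed handler was registered with early_param(); kaiser_enabled therefore keeps its initial value of 1 until kaiser_init() runs, even when the user passed nopti or pti=off. kaiser_enabled is exported for the inlined TLB flush functions, so please confirm nothing reads it (or tests X86_FEATURE_KAISER) before this point, or move the check earlier in boot.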
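Review bot: The removed x86_nokaiser_setup() rejected "nopti" when it was given a value (`return -EINVAL` under the comment "nopti doesn't accept parameters"), and nothing in the replacement code carries that check over. Please say in the commit message, or in a comment next to the cmdline_find_option_bool() call, how "nopti=<value>" is treated now.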